Amendments to the Claims:

This listing of claims will replace all prior versions, and listings of claims in the application:

Listing of Claims:

1. (Currently Amended) A method for providing access services, comprising:

receiving user session state information for a first user at an application program 
interface for an access system, said user session state information is from an application without 
a web agent front end, said user session state information is from a cookie stored on a client for 
said first user, said user session state information is encrypted, and said step of receiving user 
session state information includes decrypting said user session state information; 

receiving, at said application program interface, a request to authorize said first 
user to access a first resource, said request to authorize is from said application without a web 
agent front end; 

providing authorization services of said access system to said application without 
a web agent front end using said application program interface in an attempt to authorize said 
first user to access said first resource without requiring said first user to re-submit authentication 
credentials; 

receiving a request from said application without a web agent front end for 
unencrypted data from said user session state information; and 

providing said unencrypted data from said user session state information to said
application without a web agent front end, said application without a web agent front end does
not have access to a key to decrypt said user session state information.

2-4. (Canceled)

5. (Previously Presented) A method according to claim 1, wherein:
said unencrypted data includes an identity for said first user. 



6. (Previously Presented) A method according to claim 1, wherein: 
said session state information was created by an access system; and 
said access system performs said step of attempting to authorize. 

7. (Currently Amended) A method according to claim 1, wherein: 

said user session state information was created by an access system and provided
to said application without a web agent front end by said access system;

said application without a web agent front end caused said session token to be 
stored in said cookie; and 

said access system attempts to authorize said first user. 

8. (Original) A method according to claim 1, wherein said user session state
information includes:

an identity for said first user;

an authentication level for said first user; and

a session start time for said first user.

9. (Original) A method according to claim 1, wherein said resource request
information includes:

an identification of a resource type;
an identification of a resource; and
an identification of an operation.

10. (Original) A method according to claim 1, wherein said resource request
information includes:

an identification of a resource type;

an identification of a resource;

an identification of an operation; and

query string information.



11. (Original) A method according to claim 1, wherein said resource request
information includes: 

an identification of a resource type; 
an identification of a resource; 
an identification of an operation; and 
post data information. 



12. (Original) A method according to claim 1, wherein: 
said web agent front end is a Web Gate. 



13. (Previously Presented) A method according to claim 1, wherein: 

said attempt to authorize is based on said user session state information and said 
resource request information. 

14. (Original) A method according to claim 1, further comprising the steps of: 
creating a resource request object, said resource request object represents a
request to access said first resource; and

creating a user session object, said user session object represents said first user 
after said first user has been authenticated. 



15. (Original) A method according to claim 1, further comprising the steps of: 
determining whether said first resource is protected; 
determining an authentication scheme for said first resource; and 
determining whether said authentication scheme is satisfied based on said user
session state information.

16. (Currently Amended) A method according to claim 15, further
comprising the steps of: 

making available to said application without a web agent front end an indication 
of whether said first resource is protected; and 

making available to said application without a web agent front end an indication 
of said authentication scheme. 

17. (Original) A method according to claim 1, further comprising the step of: 
determining one or more authentication actions for said first resource. 

18. (Currently Amended) A method according to claim 17, further 
comprising the step of: 

making available to said application without a web agent front end an indication 
of said one or more authentication actions for said first resource. 

19. (Original) A method according to claim 17, further comprising the step of:

performing at least one of said authentication actions for said first resource. 

20. (Original) A method according to claim 1, further comprising the step of: 
determining one or more authorization actions for said first resource. 

21. (Currently Amended) A method according to claim 20, further
comprising the step of: 

making available to said application without a web agent front end an indication 
of said one or more authorization actions for said first resource. 

22. (Original) A method according to claim 20, further comprising the step of:

performing at least one of said authorization actions for said first resource.

23. (Original) A method according to claim 1, further comprising the step of:
determining one or more audit rules for said first resource. 

24. (Currently Amended) A method according to claim 23, further 
comprising the step of: 

making available to said application without a web agent front end an indication 
of said one or more audit rules for said first resource. 

25. (Original) A method according to claim 23, further comprising the step of:

performing at least one of said audit rules for said first resource. 

26. (Original) A method according to claim 1, further comprising the step of: 
allowing said first user to access said first resource if said first user is authorized
to access said first resource.



27. (Currently Amended) A method for providing access services by an 
application without a web agent front end, comprising: 

receiving, at an application without a web agent front end, an electronic request 
from a first user to access a first resource, said step of receiving includes receiving information 
from a cookie wherein said information from said cookie is encrypted; 

providing said information from said cookie to an application program interface 
for an access system; and 

with said application without a web agent front end, accessing authorization
services of said access system using said application program interface, said accessing includes
requesting said access system to authorize said first user to access said first resource based on
information from said electronic request from said first user and based on said information from
said cookie wherein said application without a web agent front end does not have access to a key
for decrypting said information from said cookie;

requesting unencrypted data from said information from said cookie, said request
being made to said access system application program interface; and

receiving said unencrypted data from said access system application program
interface.

28-30. (Canceled) 

31. (Currently Amended) A method according to claim 27, further
comprising the steps of: 

requesting data from said information from said cookie, said request being made 
to said access system application program interface;

receiving said data from said access system application program interface; and 
using said data for an access system service. 

32. (Original) A method according to claim 27, wherein: 

said information from said cookie was originally provided by a first web agent.

33. (Currently Amended) A method according to claim 27, wherein: 

said information from said cookie was originally provided by said access system 
application program interface. 

34. (Original) A method according to claim 27, further comprising the steps of:

determining whether said first resource is protected; 
determining an authentication scheme for said first resource; 
determining whether said authentication scheme is satisfied based on said 
information from said cookie; and 

determining whether said first user is authorized to access said first resource.

35. (Original) A method according to claim 34, further comprising the step of:

allowing said first user to access said first resource if said first user is authorized 
to access said first resource. 

36. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method 
comprising: 

receiving user session state information for a first user at an application program 
interface for an access system, said user session state information is from an application without 
a web agent front end, said user session state information is from a cookie stored on a client for 
said first user, said user session state information is encrypted, and said step of receiving user 
session state information includes decrypting said user session state information; 

receiving, at said application program interface, a request to authorize said first 
user to access a first resource, said request to authorize is from said application without a web 
agent front end; 

providing authorization services of said access system to said application without 
a web agent front end using said application program interface in an attempt to authorize said 
first user to access said first resource without requiring said first user to re-submit authentication 
credentials; 

receiving a request from said application without a web agent front end for
unencrypted data from said user session state information; and

providing said unencrypted data from said user session state information to said
application without a web agent front end, said application without a web agent front end does
not have access to a key to decrypt said user session state information.

37-38. (Canceled)

39. (Previously Presented) One or more processor readable storage devices
according to claim 36, wherein: 

said session state information was created by an access system; and 
said access system attempts to authorize said first user. 

40. (Currently Amended) One or more processor readable storage devices 
according to claim 36, wherein said method further comprises the steps of: 

determining whether said first resource is protected; 

determining an authentication scheme for said first resource; 

determining whether said authentication scheme is satisfied based on said user 
session state information; 

making available to said application without a web agent front end an indication
of whether said first resource is protected; and 

making available to said application without a web agent front end an indication 
of said authentication scheme. 



41. (Currently Amended) One or more processor readable storage devices
according to claim 36, wherein said method further comprises the steps of: 

determining one or more authorization actions for said first resource; and 
making available to said application without a web agent front end an indication
of said one or more authorization actions for said first resource. 



42. (Original) One or more processor readable storage devices according to 
claim 36, further comprising the step of: 

allowing said first user to access said first resource if said first user is authorized 
to access said first resource. 



43. (Currently Amended) An apparatus, comprising: 
a communication interface; 
one or more storage devices; and

one or more processors in communication with said one or more storage devices 
and said communication interface, said one or more processors programmed to perform a method 
comprising: 

receiving user session state information for a first user at an application 
program interface for an access system, said user session state information is from an application 
without a web agent front end, said user session state information is from a cookie stored on a 
client for said first user, said user session state information is encrypted, and said step of 
receiving user session state information includes decrypting said user session state information, 

receiving, at said application program interface, a request to authorize said 
first user to access a first resource, said request to authorize is from said application without a 
web agent front end, 

providing authorization services of said access system to said application 
without a web agent front end using said application program interface in an attempt to authorize 
said first user to access said first resource without requiring said first user to re-submit 
authentication credentials, 

receiving a request from said application without a web agent front end for 
unencrypted data from said user session state information, and 

providing said unencrypted data from said user session state information
to said application without a web agent front end, said application without a web agent front end
does not have access to a key to decrypt said user session state information.

44-45. (Canceled) 

46. (Previously Presented) An apparatus according to claim 43, wherein: 
said session state information was created by an access system; and 
said access system attempts to authorize said first user.

47. (Currently Amended) An apparatus according to claim 43, wherein said
method further comprises the steps of: 

determining whether said first resource is protected; 

determining an authentication scheme for said first resource; 

determining whether said authentication scheme is satisfied based on said user 
session state information; 

making available to said application without a web agent front end an indication 
of whether said first resource is protected; and 

making available to said application without a web agent front end an indication 
of said authentication scheme. 

48. (Currently Amended) An apparatus according to claim 43, wherein said 
method further comprises the steps of: 

determining one or more authorization actions for said first resource; and 
making available to said application without a web agent front end an indication 
of said one or more authorization actions for said first resource. 

49. (Original) An apparatus according to claim 43, further comprising the step of:

allowing said first user to access said first resource if said first user is authorized 
to access said first resource. 

50. (Currently Amended) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method for 
providing access services by an application without a web agent front end, the method 
comprising: 
receiving, at an the_application without a web agent front end, an electronic
request from a first user to access a first resource, said step of receiving includes receiving 
information from a cookie wherein said information from said cookie is encrypted; 

providing said information from said cookie to an application program interface 
for an access system wherein said application without a web agent front end does not have access 
to a key for decrypting said information from said cookie; 

with said application without a web agent front end, accessing authorization
services of said access system using said application program interface, said accessing includes 
requesting said access system to authorize said first user to access said first resource based on 
information from said request from said first user and based on said information from said 
cookie; 

requesting unencrypted data from said information from said cookie, said request
being made to said access system application program interface;

receiving said unencrypted data from said access system application program
interface; and

using said unencrypted data for an access system service.

51-55. (Canceled)

56. (Currently Amended) A method for providing access services, comprising:

authenticating a first user; 

causing user session state information to be stored at a client for said first user 
wherein said user session state information is from a cookie stored on a client for said first user 
and said user session state information is encrypted; 

authorizing said first user to access a first protected resource; 

receiving a request from an application without a web agent front end to allow 
said first user to access a second protected resource, said step of receiving a request includes 
receiving said user session state information from said application without a web agent front end
and includes decrypting said user session state information; 

authorizing said first user to access said second protected resource without 
requiring said first user to re-submit authentication credentials, if said first user is authorized to 
access said second protected resource; 

receiving a request from said application without a web agent front end for 
unencrypted data from said user session state information; and 

providing said unencrypted data from said user session state information to said
application without a web agent front end, said application without a web agent front end does
not have access to a key to decrypt said unencrypted data from said user session state
information.

57-58. (Canceled) 

59. (Previously Presented) A method according to claim 56, wherein: 
said session state information was created by an access system; and 
said access system performs said step of allowing. 



60. (Currently Amended) A method according to claim 56, further 
comprising the steps of: 

determining whether said second resource is protected; 

determining an authentication scheme for said second resource; 

determining whether said authentication scheme is satisfied based on said user 
session state information; 

making available to said application without a web agent front end an indication 
of whether said first resource is protected; and 

making available to said application without a web agent front end an indication 
of said authentication scheme.

61. (Currently Amended) A system comprising:
a client; 

at least one application without a web agent front end adapted to receive a request 
from said client for a first user to access a first resource, said request includes information from a 
cookie wherein said information from said cookie is encrypted and said application without a
web agent front end does not have access to a key for decrypting said information from said 
cookie; 

an access server adapted to provide authorization services for requests to access 
said first resource; and 

an application program interface for said access server, said application program
interface receives said information from said cookie and a request from said at least one
application without a web agent front end to authorize said first user to access said first resource,
said application program interface provides said authorization services to said at least one
application without a web agent front end by attempting to authorize said first user to access said
first resource based on information from said request from said first user and based on said
information from said cookie.

62. (Currently Amended) The system of claim 61, wherein: 

said application without a web agent front end requests unencrypted data from
said information from said cookie, said request being made to said application program interface;
and

said application without a web agent front end receives said unencrypted data
from said application program interface and uses said unencrypted data for an access system
service.

63. (Previously Presented) The system of claim 61, wherein:
said access system includes an access server; and

said application program interface for said access system is not located at said
access server.

64. (Previously Presented) The method of claim 1, further comprising:
maintaining at a directory server a policy domain, wherein the policy domain
comprises:

at least one authorization rule for said first resource; 

at least one authentication rule for said first resource; and 

at least one audit rule for said first resource. 

65. (Previously Presented) The method of claim 64, wherein the at least one 
authentication rule is a plurality of authentication rules comprising a first level authentication 
rule and a second level authentication rule. 

66. (Previously Presented) The method of claim 64, wherein the policy 
domain comprises at least one URL prefix. 

67. (Previously Presented) The method of claim 64, wherein the policy 
domain comprises at least one host identifiers. 